Towards Automating Security Enhancement for Cloud Services

Cloud infrastructures provide new facilities (elasticity, load balancing, easy integration) to build and maintain elaborated services built from multiple resources in a flexible manner. The changes that continuously affect these services, in particular the migration of resources amongst such cloud infrastructures, induce configuration changes. These latter may generate new vulnerabilities that can compromise the confidentiality, integrity and availability of services. Our approach aims at automating the security enhancement of cloud composite services during the migration of their elementary resources. In that context, it first relies on investigating to what extent orchestration languages can be extended to support such automation. It then requires the design of a framework enabling security automation, in order to adapt and complement the configuration of these elementary resources. This includes specifying dedicated algorithms for selecting adequate security mechanisms before, during and after the migration of one or several resources composing an elaborated service. Finally, it should exploit the complementary of endogenous and exogenous mechanisms for supporting such security enhancement.